fea: sec empUser saver #38
Open
aibot88 wants to merge 1 commit into
Conversation
Hello, your email has been received. Thank you very much!
I have received your email.
Member
Thanks for your PR. I have a better approach, for your reference:
Look at the get method of EmpUserController, which adds addDataScopeFilter permission filtering.
Change the get method of EmpUserServiceSupport so that super.get becomes super.getByEntity, which supports query conditions configured on the entity.
Once configured, if the current user has no permission, the corresponding user record cannot be retrieved, so that data cannot be operated on.
When the record cannot be retrieved, it may be treated as a new record, at which point the duplicate checks on login name, employee account and so on apply.
Author
cool👍👍👍
thinkgem <***@***.***> wrote on Mon, May 25, 2026 at 21:37:
… *think-gem* left a comment (thinkgem/jeesite5#38)
<#38 (comment)>
Thanks for your PR. I have a better approach, for your reference:
Look at the get method of EmpUserController, which adds addDataScopeFilter permission filtering:

```java
@ModelAttribute
public EmpUser get(String userCode, boolean isNewRecord, Boolean isAll, String ctrlPermi) {
    EmpUser empUser = new EmpUser();
    empUser.setUserCode(userCode);
    empUser.setIsNewRecord(isNewRecord);
    // Stricter permission control: apply data-permission filtering to the single record
    // (isAll is a switch; normally it does not need to be passed).
    // Note that && binds tighter than ||, so strict mode always applies the filters.
    if (StringUtils.isNotBlank(userCode) && !(isAll != null && isAll) || Global.isStrictMode()) {
        empUserService.addFieldScopeFilter(empUser);
        empUserService.addDataScopeFilter(empUser, ctrlPermi);
    }
    return empUserService.getAndValid(empUser);
}
```

Change the get method of EmpUserServiceSupport so that super.get becomes super.getByEntity, which supports query conditions configured on the entity:

```java
@Override
public EmpUser get(EmpUser empUser) {
    // getByEntity honours the scope filters attached to the entity above;
    // a plain primary-key get would ignore them.
    return super.getByEntity(empUser);
}
```

Once configured, if the current user has no permission, the corresponding user record cannot be retrieved, so that data cannot be operated on.
When the record cannot be retrieved, it may be treated as a new record, at which point the duplicate checks on login name, employee account and so on apply.
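To make the maintainer's point concrete, here is an added stand-alone illustration (not jeesite code, and not the PR's patch) of why resolving the `@ModelAttribute` through a data-scope-filtered lookup stops an out-of-scope operator from rebinding another office's employee via `POST ${adminPath}/sys/empUser/save`. The `EmpUser` fields, the `DataScope` class, the two-row sample table and the "fresh userCode on insert" policy are all assumptions made for the demo; `getByKey` and `getByEntity` stand in for the project's `super.get` and `super.getByEntity` respectively.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

// Added illustration, not jeesite code: a filtered get versus an unfiltered get
// in front of a save handler that rewrites an employee's post assignment.
public class DataScopeGetDemo {

    // Minimal stand-in for the project's EmpUser entity (assumed fields).
    static final class EmpUser {
        final String userCode;
        final String loginCode;
        final String officeCode;
        String postCode;
        EmpUser(String userCode, String loginCode, String officeCode, String postCode) {
            this.userCode = userCode;
            this.loginCode = loginCode;
            this.officeCode = officeCode;
            this.postCode = postCode;
        }
    }

    // Hypothetical data scope of the operator: the offices they may administer.
    static final class DataScope {
        final Set<String> offices;
        DataScope(String... offices) { this.offices = new HashSet<>(Arrays.asList(offices)); }
        boolean covers(EmpUser u) { return offices.contains(u.officeCode); }
    }

    enum SaveResult { UPDATED, INSERTED_AS_NEW, REJECTED_DUPLICATE_LOGIN }

    // Constructed sample table: two employees in different offices.
    static final Map<String, EmpUser> TABLE = new LinkedHashMap<>();
    static int nextCode = 3000;
    static {
        TABLE.put("u1001", new EmpUser("u1001", "alice", "OFFICE-A", "POST-DEV"));
        TABLE.put("u2002", new EmpUser("u2002", "bob",   "OFFICE-B", "POST-OPS"));
    }

    // Unfiltered primary-key lookup: the "super.get" behaviour the maintainer moves away from.
    static EmpUser getByKey(String userCode) {
        return TABLE.get(userCode);
    }

    // Filtered lookup: the "super.getByEntity" behaviour. The data-scope condition travels
    // with the probe entity, so an out-of-scope row is indistinguishable from a missing one.
    static EmpUser getByEntity(String userCode, DataScope scope) {
        EmpUser u = TABLE.get(userCode);
        return (u != null && scope.covers(u)) ? u : null;
    }

    // Simulated save handler: the posted userCode is resolved by one of the two lookups
    // and, if found, the posted postCode is written to it (the rebinding the PR targets).
    // When nothing is found the record is treated as new: the duplicate login-name check
    // runs, and an insert (demo policy) always receives a fresh server-side userCode.
    static SaveResult save(EmpUser posted, DataScope scope, boolean filtered) {
        EmpUser target = filtered ? getByEntity(posted.userCode, scope) : getByKey(posted.userCode);
        if (target != null) {
            target.postCode = posted.postCode;
            return SaveResult.UPDATED;
        }
        for (EmpUser existing : TABLE.values()) {
            if (existing.loginCode.equals(posted.loginCode)) {
                return SaveResult.REJECTED_DUPLICATE_LOGIN;
            }
        }
        String fresh = "u" + (nextCode++);
        TABLE.put(fresh, new EmpUser(fresh, posted.loginCode, posted.officeCode, posted.postCode));
        return SaveResult.INSERTED_AS_NEW;
    }

    public static void main(String[] args) {
        DataScope officeAAdmin = new DataScope("OFFICE-A");
        // An OFFICE-A operator posts bob's userCode (OFFICE-B) with a new post assignment.
        EmpUser tampered = new EmpUser("u2002", "bob", "OFFICE-B", "POST-ADMIN");

        SaveResult weak = save(tampered, officeAAdmin, false);
        System.out.println("unfiltered get -> " + weak + ", bob.postCode=" + TABLE.get("u2002").postCode);

        TABLE.get("u2002").postCode = "POST-OPS";   // reset for the second run
        SaveResult hardened = save(tampered, officeAAdmin, true);
        System.out.println("filtered get   -> " + hardened + ", bob.postCode=" + TABLE.get("u2002").postCode);
    }
}
```

Run with `javac DataScopeGetDemo.java && java DataScopeGetDemo`. With the unfiltered lookup the tampered request updates bob's row; with the filtered lookup the row is never loaded, the request falls through to the new-record path, and the duplicate login-name check rejects it, leaving bob's post unchanged. The demo deliberately does not let a "new" record reuse the posted userCode, which is the caveat hiding behind "may be treated as a new record": if an implementation honoured a client-supplied key on insert, the not-found path would need its own guard.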
vuln-fix: Issue 1: organizations and post rebinding
Used interface
POST ${adminPath}/sys/empUser/save
Missing Property Checks